Cloud transparency remains a highly coveted but seemingly elusive wish for organizations. How can you trust a cloud provider with your data if you don’t know what security controls they implement? You can get details under NDA, but how can you compare that provider’s controls with another’s to make an educated buying decision?

But there is a glimmer of hope on the horizon. The Cloud Security Alliance’s (CSA) Security, Trust and Assurance Registry (STAR), which aims to provide a standards-based public repository of cloud provider security controls, is slowly growing. Launched last August, CSA’s STAR recently added SHI International to the three other providers publishing documentation of their controls: Microsoft, Mimecast and Solutionary. On March 30, Microsoft published a self-assessment of Windows Azure to add to its Office 365 documentation. Last week, it published a self-assessment for Microsoft Dynamics CRM Online.

Obviously, STAR needs more cloud providers participating to be an effective tool for cloud users, but with a major provider such as Microsoft taking the lead, one can hope it will lead more providers to step up. At the RSA Conference 2012, CSA Executive Director Jim Reavis told me he expected several providers to participate in the next two to three months, which would “force their peers to do this more wholeheartedly.”

He added that he would be surprised if any of the major providers are not in the registry by the end of this year. Let’s hope that’s the case.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States.
Privacy

Processing your reply...

There was an error processing your information. Please try again later.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States.
Privacy

Processing your reply...

About This Blog

Written by the staff of SearchSecurity.com and Information Security magazine, Security Bytes covers topics across the spectrum of security, privacy and compliance, such as network security, IAM and data breaches, as well as the people and issues driving enterprise infosec today.